Law firm cyber security insurance – are you fully covered?

Law firm cyber security is a hot topic at the moment. This has led to professional indemnity insurers offering policies or bolt-ons to give cover.

The insurance question came to the fore recently when the Law Society of Scotland appointed Lockton as its Master Broker. Lockton’s Master Policy Professional Indemnity proposal form clearly requests information on your cyber security measures.

Although the cyber information request is supplementary, it raises a variety of questions. The answers to these questions are often unknown in many law firms.

So, what do you need to know?

Judging from the Lockton questionnaire, these are the key questions you’ll need to answer:

  • Do you (or your outsourced provider) back up your data at least once per week?
  • Are these back-ups stored in a site that is separate from your physical premises?
  • Do you have anti-virus software and firewalls in place and update them at least quarterly?
  • Is all sensitive data that is physically removed from your premises (including back-ups, laptops, mobile/portable devices, USBs), or transmitted over open networks, encrypted?
  • Is there a process in place that includes internal and external sign off before content is published on your website, social media pages, or physical media?
  • Do at least two members of staff review and authorise any funds transfers or cheques above £10,000, or the issue of instructions for the disbursement of assets, funds or investments?
  • Do you have a patch management policy in place that enables you to carry out critical software patches within 30 days?
  • Please provide details of the following third-party suppliers: Antivirus/Firewalls, Cloud Computing Hosting & Business Critical Software.

The questions affect different aspects of your business, not least your practice management software. Let’s take each in turn and offer a little guidance.


If you use on-premise servers, the responsibility for backing up your data is in your own hands. Generally, you should take backups daily and remove the backup media from your premises or place it in a fire-proof location. Alternatively, you can use a cloud-based backup solution.

Storing your data and hosting your practice management software on a cloud-based platform is a different matter. Backups are automatic. Your cloud service provider will be able to tell you about backup frequencies and security measures. For example, LawCloud is backed up several times daily and in triplicate.

Anti-virus and firewalls.

Again, if you use your own servers, you will have to develop robust systems for implementing and maintaining these. As a rule of thumb, you should update anti-virus definitions and firewalls as soon as updates become available.

For cloud users, it’s straightforward. For example, LawCloud anti-virus is updated daily. We update the firewall (firmware or operating software) when suppliers release patches and according to our hosts’ patch policy.

Removal and encryption of data.

With a cloud-based system, you have little need to remove data. Your connection between your device and the datacentre will be encrypted (by SSL).

Once again, non-cloud systems are only as secure as your own operating procedures and protocols.

Websites and social media.

Again, this is down to your own internal systems. However, we have published a series of resource articles on this subject. You can read them on the following links:


This also is down to your own internal protocols and procedures. However, if you feel these may need a little upgrading, it is worth reading this article as a salutary tale: Fraudulent bank calls to law firms – how to protect yourself.

Patch Management.

For the cloud, datacentres should prioritise the patching of internal systems by role, importance and location in the network. They should automatically deploy and manage patches where appropriate. At LawWare, in addition to this, we update each LawCloud server ourselves. We do this for updates released for Microsoft operating systems and all application software used on the cloud.

We test these on a test server before rolling them out to all servers. Assuming all updates pass our compatibility test, we apply them within three days of passing the test. Microsoft releases security updates at least monthly; other vendors’ timescales differ.

Yet again, if you are not on the cloud, your own IT team are responsible for the management of patches.

Supplier Details.

You should have ready access to all anti-virus and business critical software supplier details if you are using your own server and IT infrastructure. For the cloud, your cloud service provider should be able to provide them for you readily.

LawWare has a detailed policy on cyber-security responsibilities. You can view it by clicking the link below.

Mike O’Donnell, October 2017.

